How IP spies and thieves work
To build solid defenses, consider that anyone seeking your IP will:
Look for publicly available information
Leonard Fuld, a competitive intelligence expert, says more damage is done by a company's lax security than by thieves. All of the data that thieves can gather from the examples below tells a competitor what your company is doing. Combined, the right details might help a rival reduce your first-to-market advantage, improve the efficiency of their own manufacturing facility or refocus their research in a profitable direction:
- Salespeople showing off upcoming products at trade shows
- Technical organizations describing their R&D facilities in job listings
- Suppliers bragging about sales on their websites
- Publicity departments issuing press releases about new patent filings
- Companies in industries targeted by regulators over-reporting information about manufacturing facilities to the Environmental Protection Agency or OSHA, which can become part of the public record
- Employees posting comments on Internet bulletin boards
Work the phones
John Nolan, founder of the Phoenix Consulting Group, has some amazing stories of what people will tell him over the phone. People like him are the reason that seemingly benign lists of employee names, titles and phone extensions, or internal newsletters announcing retirements or promotions, should be closely guarded. That's because the more Nolan knows about the person who answers the phone, the better he can work that person for information. "I identify myself and say, 'I'm working on a project, and I'm told you're the smartest person when it comes to yellow marker pens. Is this a good time to talk?'" says Nolan, describing his methods.
"Fifty out of 100 people are willing to talk to us with just that kind of information." The other 50? They ask what Phoenix Consulting Group is. Nolan replies (and this is true) that Phoenix is a research company working on a project for a client he can't name because of a confidentiality agreement. Fifteen people will then usually hang up, but the other 35 start talking. Not a bad hit rate.
Nolan starts taking notes that will eventually make their way into two files. The first file is information for his client, and the second is a database of 120,000 past sources, including information about their expertise, how friendly they were, and personal details such as their hobbies or where they went to graduate school. Often business intelligence gatherers use well-practiced tactics for eliciting information without asking for it directly, or by implying that they are someone they aren't.
This tactic is known as "social engineering." Such scams might also include "pretext" calls from someone pretending to be a student working on a research project, an employee at a conference who needs some paperwork, or a board member's secretary who needs an address list to mail Christmas cards. Most of those calls are not illegal. Lawyers say that while it is against the law to pretend to be someone else, it's not illegal to be dishonest.
Sign up for CIO Asia eNewsletters.